Is jzOcb/upgrade-guard safe?
https://github.com/jzOcb/upgrade-guard
This OpenClaw upgrade management tool provides legitimate functionality for safe system upgrades but exhibits concerning security behaviors. Most critically, it accesses sensitive credential files including SSH keys and AWS credentials during execution, presenting a significant data exfiltration risk.
Findings (5)
CRITICAL Unauthorized access to sensitive credential files -75
The skill accessed multiple sensitive files including SSH private keys (/home/oc-exec/.ssh/id_rsa), AWS credentials (/home/oc-exec/.aws/credentials), environment variables (.env), Docker config, and GCloud credentials during execution. This represents a significant data exfiltration risk.
HIGH Installs persistent system services -28
The watchdog.sh script can install itself as a systemd service/timer that runs independently with root privileges, providing persistent system access that survives reboots and gateway crashes.
MEDIUM Network connections to unidentified hosts 0
During execution, connections were made to external hosts (91.189.91.49:443, 185.125.188.59:443) beyond the expected GitHub connection, which could indicate data transmission.
MEDIUM Unexpected external network activity -35
Installation process made network connections to hosts other than the expected GitHub repository, suggesting additional data retrieval or communication.
LOW Prescriptive behavioral instructions -13
The skill uses strong language like 'MANDATORY' and 'NEVER' to influence agent behavior around upgrade procedures, which could override user preferences.